Re: [Uta] Proposed definition of opportunistic encryption using TLS: draft-hoffman-uta-opportunistic-tls-00.txt

Stephen Farrell <stephen.farrell@cs.tcd.ie> Mon, 03 February 2014 13:46 UTC

Message-ID: <52EF8F72.4050905@cs.tcd.ie>
Date: Mon, 03 Feb 2014 12:45:38 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
To: Paul Hoffman <paul.hoffman@vpnc.org>, uta@ietf.org
References: <20140203045910.9714.53880.idtracker@ietfa.amsl.com> <B8691415-07F3-4081-8247-E103A60E5CF0@vpnc.org>
In-Reply-To: <B8691415-07F3-4081-8247-E103A60E5CF0@vpnc.org>

Hi Paul,

On this one, I don't really care which, if any, WG ends up
processing a draft defining these terms, but it is important
that the definitions related to the use of the term
opportunistic and crypto be ones that work for more than
TLS, this WG and the apps area, but are as well accepted
for the entire IETF. For example, IPsec and even MPLS folk
should be able to use the same terms without confusion arising.

Note also that there will be discussion on this topic at the
STRINT w/s before IETF-89 and I have some hope that we can
get agreement quickly enough between there and the following
week of meetings that it won't matter which WG "owns" the
draft.

On your draft Paul, I don't think it really covers that
charter work item since it only has some definitions. But
that said, if we conclude a WG document is better, I'm fine
if this WG is the place to write down the definitions so
long as those are more broadly accepted.

And a few more near-random comments:

Ending up with substantively different definitions for
the term opportunistic e.g. when used with TLS and IPsec
would be a dumb outcome IMO. At present we do have such
confusion and we do need to fix that, so a draft like
Paul's that does define the terms is something we do
want. I know that Steve Kent is also working on a different
draft that defines these terms, perhaps differently.
I've not thought about which of the two might be a
better starting point, and Steve's isn't yet published
so others can't either. (Steve's text will be published
at the end of this week with other STRINT submissions
though.)

So I think this is one to discuss in London.

S.



On 02/03/2014 05:03 AM, Paul Hoffman wrote:
> Greetings again. One of the deliverables in our charter is:
> 
>    - Consider, and possibly define, a standard way for an application
>      client and server to use unauthenticated encryption through TLS
>      when server and/or client authentication cannot be achieved.
> 
> I think that wording was sloppy, and would like the WG to come up with a clear definition of what it is we want application protocols to possibly support in order to thwart pervasive monitoring. I put together my ideas in a very short draft.
> 
> If folks like the idea of this definition, I think it would be appropriate for a WG document.
> 
> --Paul Hoffman
> 
> 
> Begin forwarded message:
> 
>> From: internet-drafts@ietf.org
>> Subject: I-D Action: draft-hoffman-uta-opportunistic-tls-00.txt
>> Date: February 2, 2014 at 8:59:10 PM PST
>> To: i-d-announce@ietf.org
>> Reply-To: internet-drafts@ietf.org
>>
>>
>> A New Internet-Draft is available from the on-line Internet-Drafts directories.
>>
>>
>>        Title           : Opportunistic Encryption Using TLS
>>        Author          : Paul Hoffman
>>        Filename        : draft-hoffman-uta-opportunistic-tls-00.txt
>>        Pages           : 5
>>        Date            : 2014-02-02
>>
>> Abstract:
>>   This document defines the term "opportunistic encryption using TLS"
>>   as it applies to application protocols that use TLS.
>>
>>
>> The IETF datatracker status page for this draft is:
>> https://datatracker.ietf.org/doc/draft-hoffman-uta-opportunistic-tls/
>>
>> There's also a htmlized version available at:
>> http://tools.ietf.org/html/draft-hoffman-uta-opportunistic-tls-00
> 
> _______________________________________________
> Uta mailing list
> Uta@ietf.org
> https://www.ietf.org/mailman/listinfo/uta
>